With Apache

1 - Load mod_ssl

First, simply uncomment the following line in the httpd.conf file. To modify the httpd.conf file we will use the Nano text editor.

httpd.conf file is usually located at: /etc/apache2/httpd.conf. It's recommended to make a copy of httpd.conf file just in case we brake something. 


$ cd /etc/apache2/
$ sudo cp httpd.conf httpd.conf.old
$ sudo nano httpd.conf

Find the following line and uncomment it. Just in case you are not sure, comments have a leading pound/hash symbol ( # ) – just remove it.

2 - Include httpd-ssl.conf File

While we still have the httpd.conf file open, we also need to uncomment the line that includes the httpd-ssl.conf file.


3 - Add VirtualHost to httpd-ssl.conf

The last step is to configure a new virtual host that is bound to port 443 (HTTPS). There is already a sample <VirtualHost> record in the httpd-ssl.conf file. I suggest you first remove it or comment it all out so that you can just paste in the necessary code at the bottom of the file.

httpd-ssl.conf file is usually located at: /etc/apache2/conf/httpd-ssl.conf

You will need to open the file using Nano (you can create a copy first for security reasons):

Add VirtualHost 

$ cd /etc/apache2/extra
$ sudo cp httpd-ssl.conf httpd-ssl.conf.old
$ sudo nano httpd-ssl.conf

Declare VirtualHost

The first step is to declare a new virtual host using the <VirtualHost> directive.



<VirtualHost *:443>

General Virtual Host Settings

Next, within the <VirtualHost> directive, we will declare some basic host settings:

  • DocumentRoot: absolute path to the webroot for the site
  • ServerName: the fully qualified domain name (FQDN)
  • ErrorLog: location of the error log
  • CustomLog: location of the access log

Enable SSL

To enable the SSL engine in Apache we simply add set the setting to “on”.

Enable SSL 

#SSL Engine Switch
SSLEngine on

Convert .pfx to .crt and .key

A .pfx (Personal Information Exchange Format) is a file that enables the transfer of certificates and their private keys, it contains the public key file (SSL certificate file) .crt and the associated private key file .key.

In order to configure our Virtual Host, if we have a pfx file we will need to treat the private key and the certificate.

To extract the certificate:


$ openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

To extract the key:


$ openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]


Sometimes it's needed to have an unencrypted .key file to import on some devices.  I probably don’t need to mention that you should be careful. If you store your unencrypted keypair somewhere in an unsafe location anyone can have a go with it and impersonate for instance a website or a person in your company. So always be extra careful when it comes to private keys!


openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]


Specify certificate and private key

Using the paths as I described at the beginning, we will tell the SSL engine the location of the certificate request file (CSR) and the private host key (.key).

#Server Certificate:
SSLCertificateFile "/private/etc/apache2/ssl/certificate.crt"
#Server Private Key:
SSLCertificateKeyFile "/private/etc/apache2/ssl/keyfile-decrypted.key

4 - Test Configuration and restart Apache

$ sudo apachectl -t
$ sudo apachectl restart

All done. You are now serving your website over HTTPS using Apache.

Related informations: https://blackdiezone.net/2019/09/como-convertir-un-pfx-a-un-archivo-separado-key-crt/

Related articles:

How to install/update SSL certificate on the server where neoCatalog is hosted

Access neoCatalog from an external network (Internet Access)